Security is expensive.
It is infeasible to host the site in house, since it would require a huge capital outlay upfront.
Plugging a hard disk in and out of a hot swap bay in a datacenter roughly takes 30 minutes.
A premium datacenter (rackspace) charges roughly $350 per hour in sensitive datacenters.
It's much cheaper to do this remotely.
How would I do it? Online wallet with all the keys for people to deposit funds and so on. Figure out what percentage of funds you need to keep "online" in a buffer so that users can hit withdraw and have it go through in a timely fashion; all the rest of it is periodically (maybe in 1~4 hour intervals, so as to avoid too much in fees) swept into an offline wallet. This offline wallet sits on a machine that's behind a LAN/firewall, whose one sole purpose is to be cold storage.
Whenever the amount of funds is over whatever your threshold is for your buffer, the funds are swept into cold storage. If you notice the buffer is getting a bit empty (lots of withdrawals and little deposits), then you go over the entire balance sheet and make sure all the numbers add up. There should be X amount in the exchange, and that's how much is there. If everything checks out and you're still low, you initiate a transfer from your cold storage wallet to your active wallet.
It's a teeny bit more fees, but it beats the snot out of the exposure of being wiped out if your exchange is hacked. If your threshold is 10% of all funds need to be available for withdrawal (I would imagine if you had a bunch of market makers on your site your threshold is much lower than that), then you're only on the hook for 10% of whatever BTC are in your stewardship. I don't know what the margins are for exchanges, but I would imagine it's not unreasonable to expect if you can go a few months without getting owned that you may even have this in reserves.
But that's just me - I can't understand why anyone would get taken for 50+% of what they're holding if they purport to know what they're doing.
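The buffer, sweep, reconcile and refill procedure described in the post above, as an added Python example (not the poster's code): the 10% online buffer and a 2% dead band are assumed values, amounts are integer satoshis, and the "balance sheet" check is modelled as the on-chain total having to equal the sum of customer balances before any funds move.

```python
from dataclasses import dataclass

SAT = 100_000_000  # satoshis per BTC; every amount below is an integer satoshi count

@dataclass
class Action:
    kind: str     # "sweep", "refill", "hold" or "halt"
    amount: int   # satoshis to move between wallets (0 for hold/halt)
    reason: str

def plan_wallet_action(hot, cold, ledger_total, target_bps=1000, slack_bps=200):
    """Decide what to do with the hot wallet after a batch of deposits/withdrawals.

    hot / cold    - satoshis actually held in the online wallet and in cold storage
    ledger_total  - sum of all customer balances on the exchange's books
    target_bps    - share of all funds kept online as the withdrawal buffer (basis points)
    slack_bps     - dead band around the target so small flows do not trigger a move
    """
    # Reconcile first: if the books and the chain disagree, move nothing and stop.
    on_chain = hot + cold
    if on_chain != ledger_total:
        return Action("halt", 0, f"ledger {ledger_total} != on-chain {on_chain}")
    target = on_chain * target_bps // 10_000
    band = target * slack_bps // 10_000
    if hot > target + band:
        return Action("sweep", hot - target, "buffer above target, sweep to cold storage")
    if hot < target - band:
        return Action("refill", target - hot, "buffer below target, refill from cold storage")
    return Action("hold", 0, "buffer within band")

def run_batches(hot, cold, ledger_total, batches, **kw):
    """Apply each batch of net customer flow (deposits minus withdrawals, in satoshis)
    to the hot wallet and the ledger, then plan and execute one action per batch.
    Returns (hot, cold, actions) and stops at the first halt."""
    actions = []
    for net_flow in batches:
        hot += net_flow
        ledger_total += net_flow
        action = plan_wallet_action(hot, cold, ledger_total, **kw)
        actions.append(action)
        if action.kind == "sweep":
            hot, cold = hot - action.amount, cold + action.amount
        elif action.kind == "refill":
            hot, cold = hot + action.amount, cold - action.amount
        elif action.kind == "halt":
            break
    return hot, cold, actions
```

The three constructed batches in the test (a 5 BTC net deposit, an 8 BTC net withdrawal, then a quiet interval) produce a sweep, a refill and a hold in turn, and a 0.01 BTC ledger discrepancy halts the process instead of moving funds.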